Intrusion Detection Model of SCADA Using Graphical Features

Supervisory control and data acquisition system is an important part of the country's critical infrastructure, but its inherent network characteristics are vulnerable to attack by intruders. The vulnerability of supervisory control and data acquisition system was analyzed, combining common attacks such as information scanning, response injection, command injection and denial of service in industrial control systems, and proposed an intrusion detection model based on graphical features. The time series of message transmission were visualized, extracting the vertex coordinates and various graphic area features to constitute a new data set, and obtained classification model of intrusion detection through training. An intrusion detection experiment environment was built using tools such as MATLAB and power protocol testers. IEC 60870-5-104 protocol which is widely used in power systems had been taken as an example. The results of tests have good effectiveness.

[1]  Maarten Hoeve,et al.  Detecting intrusions in encrypted control traffic , 2013, SEGS '13.

[2]  Jiang Rong SIMILARITY SEARCH BASED ON SHAPE REPRESENTATION IN TIME SERIES DATA SETS , 2000 .

[3]  Igor Nai Fovino,et al.  A Multidimensional Critical State Analysis for Detecting Intrusions in SCADA Systems , 2011, IEEE Transactions on Industrial Informatics.

[4]  Sakir Sezer,et al.  Multidimensional Intrusion Detection System for IEC 61850-Based SCADA Networks , 2017, IEEE Transactions on Power Delivery.

[5]  Huy Kang Kim,et al.  A behavior-based intrusion detection technique for smart grid infrastructure , 2015, 2015 IEEE Eindhoven PowerTech.

[6]  Peter Maynard,et al.  Towards Understanding Man-in-the-middle Attacks on IEC 60870-5-104 SCADA Networks , 2014, ICS-CSR.

[7]  Ajay Prasad,et al.  SCADA security issues and FPGA implementation of AES — A review , 2016, 2016 2nd International Conference on Next Generation Computing Technologies (NGCT).

[8]  Rayford B. Vaughn,et al.  A Retrofit Network Intrusion Detection System for MODBUS RTU and ASCII Industrial Control Systems , 2012, 2012 45th Hawaii International Conference on System Sciences.

[9]  K. McLaughlin,et al.  Multiattribute SCADA-Specific Intrusion Detection System for Power Networks , 2014, IEEE Transactions on Power Delivery.

[10]  Qusay H. Mahmoud,et al.  A hybrid model for anomaly-based intrusion detection in SCADA networks , 2017, 2017 IEEE International Conference on Big Data (Big Data).

[11]  Frank Kargl,et al.  Sequence-aware Intrusion Detection in Industrial Control Systems , 2015, CPSS@ASIACSS.

[12]  K. McLaughlin,et al.  Intrusion Detection System for IEC 60870-5-104 based SCADA networks , 2013, 2013 IEEE Power & Energy Society General Meeting.

[13]  S. Mauw,et al.  Specification-based intrusion detection for advanced metering infrastructures , 2022 .

[14]  Tomomi Aoyama,et al.  Industrial Control System Monitoring Based on Communication Profile , 2015 .

[15]  Lingfeng Wang,et al.  Power System Reliability Evaluation With SCADA Cybersecurity Considerations , 2015, IEEE Transactions on Smart Grid.

[16]  Xiaojun Guo,et al.  A graphical feature generation approach for intrusion detection , 2016 .

[17]  Naixue Xiong,et al.  Design and Analysis of Multimodel-Based Anomaly Intrusion Detection Systems in Industrial Process Automation , 2015, IEEE Transactions on Systems, Man, and Cybernetics: Systems.